How poetic is it that less than a day after Sony is cleared of almost any wrongdoing in the PSN hack, the PS3 is hacked to bits. In what could only be described as the ultimate hack, the hacking community has released a version of PS3 firmware that can now give modders access to PSN. The catch is that you have to be running firmware version 3.55 or lower to be able to mount this custom firmware. Version 3.6 made it incredibly difficult for anyone to hack the PS3 in its current state. That means we might see a lot more hacked PS3s gaming online, but that isn't even the bad news…
The bad news is that, after this firmware was released free to the public, another team of hackers called “The Three Tusketeers” released the LV0 decryption key for the PS3. This means that once the firmware is mounted, hackers can decrypt any new updates that Sony might try to send to the console. Even if Sony tries to change the passphrase, hackers can repackage the new updates as ver. 3.55 and run the new features on the hacked console. The Tusketeers had apparently been sitting on this key for some time, but didn’t want to release it before the custom firmware was made public. That way no one would profit from their hard work. So today is a bad day for PlayStation.
Sony is waking up to a new PlayStation 3 security nightmare after a day in which a brand new, PSN-enabled custom firmware was released for hacked consoles, swiftly followed up by publication of the console's LV0 decryption keys - which some say blows the system wide open.
We've been here before of course. Over two years ago, the first piracy-enabling firmware and USB dongle combo - PSJailbreak - was released, exploiting a weakness in the PS3's USB protocols that allowed the system software to be patched in order to run copied software from hard disk. This was followed some time later by the release of tools from hacker group fail0verflow, which allowed users to encrypt files for the system in the same way that Sony does, enabling a new wave of piracy. Geohot's public release of the "metldr" root key also added to the challenges facing Sony, resulting in a messy legal battle.
The firm's response - firmware 3.60 - plugged many of the holes, neatly working around the entire root key problem, and even with the release of the new custom firmware, any console running system software 3.60 or higher is effectively locked out. Only hacked consoles, or those still running 3.55 or lower, can run the new code, unless expensive, difficult-to-install hardware downgrade devices are used on older hardware.
Despite the effectiveness of firmware 3.60, PS3 has still had to contend with piracy issues, notably the JB2/TrueBlue dongle, but this hack still locked consoles to 3.55 and stopped compromised consoles gaining access to PSN - until recently at least, when the "passphrase" security protocol protecting PSN was leaked, giving hacked consoles full access to the service.
The release of the new custom firmware - and the LV0 decryption keys in particular - poses serious issues. While Sony will almost certainly change the PSN passphrase once again in the upcoming 4.30 update, the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever. Options Sony has in battling this leak are limited - every PS3 out there needs to be able to decrypt any firmware download package in order for the console to be updated (a 2006 launch PS3 can still update directly to the latest software). The release of the LV0 key allows for that to be achieved on PC, with the CoreOS and XMB files then re-encrypted using the existing 3.55 keys in order to be run on hacked consoles.
So just how did LV0 come to be released at all? The original hackers who first found the master key - calling themselves "The Three Tuskateers" - apparently sat on its discovery for some time. However, the information leaked and ended up being the means by which a new Chinese hacking outfit - dubbed "BlueDiskCFW" - planned to charge for and release new custom firmware updates. To stop these people profiteering from their work, the "Tuskateers" released the LV0 key, and within 24 hours a free CFW update was released.
"You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," a statement from the hacker group says.
We have approached Sony for comment.